VEGAS/gitlab: add GitLab Runner

This commit is contained in:
Max Headroom 2022-02-01 21:18:08 +01:00
parent 0961b893eb
commit 24650556d8
4 changed files with 29 additions and 1 deletions

View file

@ -19,6 +19,7 @@ in
age.secrets = lib.flip lib.genAttrs mkSecret [ age.secrets = lib.flip lib.genAttrs mkSecret [
"gitlab-initial-root-password" "gitlab-initial-root-password"
"gitlab-openid-secret" "gitlab-openid-secret"
"gitlab-runner-registration"
"gitlab-secret-db" "gitlab-secret-db"
"gitlab-secret-jws" "gitlab-secret-jws"
"gitlab-secret-otp" "gitlab-secret-otp"
@ -81,5 +82,19 @@ in
}; };
}; };
services.gitlab-runner = {
enable = true;
services = {
shell = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = secrets.gitlab-runner-registration;
executor = "shell";
tagList = [ "shell" ];
};
};
};
services.nginx.virtualHosts."${cfg.host}" = tools.nginx.vhosts.proxy "http://unix:/run/gitlab/gitlab-workhorse.socket"; services.nginx.virtualHosts."${cfg.host}" = tools.nginx.vhosts.proxy "http://unix:/run/gitlab/gitlab-workhorse.socket";
} }

View file

@ -91,6 +91,6 @@ in
programs.ssh.knownHosts.git = { programs.ssh.knownHosts.git = {
hostNames = [ "git.${domain}" ]; hostNames = [ "git.${domain}" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0rChVEO9Qt7hr7vyiyOP7N45CjaxssFCZNOPCszEQi"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICz2nGA+Y4OxhMKsV6vKIns3hOoBkK557712h7FfWXcE";
}; };
} }

View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A YU2/APfP6kPGX5e7bHBWdaom4ZwmytI/IoP+g3th5h0
2IfalzEAkV0xCr35dOiCpxUHw24a3AbkOGVJ4L/uaWU
-> ssh-ed25519 5/zT0w DbMexjii0bSvqgGC9rNgCBOaQXfgzthcOPBT6dnKeGc
C4dMDu8WgATu0sdPKACw07Fn5jq6Pe7uN8/Iv2tVcAs
-> ssh-ed25519 d3WGuA uIwhL4l3t07R5TYO1zo3dV9ktgWtoKR4JdvaHblEB3M
265C3gEza2uh6oVca/gUNxqKjU2S8bhN/q4Dlw2EEy4
-> /"-grease +Wqw(R
4HG/GLt5Drs7C0j1+DBwRIHQDVEl2JNuZ+BLNuaNG5pFIdO0EIG26XJFfdGOPQHo
wkc
--- 2U7WL4OUr1Tcg3u3FejyVH8/RasT6Fc8a2M9acsycHQ
×úC# Ö½l% Ê\#̱‹×Âÿ²`S%AÇ¢Åæ<C385>[lh²Rq®X®U ²ªVo°G @a‡¿<E280A1>âÅ„»o/…3&€ØèyôI(Õ¢ŽýV®-Kê掕ù<E280A2>sî\çz:h§GœAsµ²n<C2B2>ÉêGáHà«tHˆq1Ùÿ<C399>.Þ¬»aù¢g؃ÿÞ¥†âA³e_TLiÄãEæéï³56±

View file

@ -9,6 +9,7 @@ in with hosts;
"ghost-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "ghost-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];